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Abstract 

The planning and scheduling of the operations involved in power plant outages has a great impact in terms of costs, 
safety procedures, and the use of scarce resources. Rome Laboratory has been working on a project to evaluate the 
use of advanced planning and scheduling technology for outage management. This project was a collaboration 
between Rome Laboratory, the Electric Power Research Institute (EPRl), Kaman Science and Kestrel Institute under 
the DOD's Dual Use Program. This paper will discuss some limitations of the current scheduling techniques used 
in outage management and outline an alternative approach that automatically enforces safety constraints with time 
windows. 

1. Introduction 

The planning and scheduling of the operations involved in power plant outages has a great impact in terms of costs, 
safety procedures, and the use of scarce resources. In this domain, risk and safety management are essential 
requirements. Thus, planning and scheduling systems, whether manual or automatic, must enforce safety 
constraints guaranteeing that the state of the plant is safe at any time during an outage. Rome Laboratory has been 
working on a project to evaluate the use of advanced planning and scheduling technology for outage management. 
This project was a collaboration between Rome Laboratory, the Electric Power Research Institute (EPRI), Kaman 
Science and Kestrel Institute under the DOD's Dual Use Program. This paper gives an overview of outage 
management, discusses some limitations of the current scheduling techniques, and describes our alternative 
approach. Our work shows that advanced Artificial Intelligence (AI) planning and scheduling techniques provide the 
capability to represent and automatically enforce diverse and complex constraints inherent in large, real-world 
applications. We describe ROMAN, a prototype system developed to demonstrate the use of these techniques in the 
nuclear power plant outage management domain [1,2]. 

II. Overview of Outage Management (Current Outlook) 

Nuclear power plant outages are periodic shutdowns for the purpose of performing refueling and maintenance 
functions which cannot be performed during the operation of a plant. The minimization of shutdowns is critical 
since power generation revenue is lost during the outage phase. The cost of each day of shutdown is in the order cf 
$1,000,000. In general, the goal is to keep outages as short as possible while maintaining the appropriate level cf 
nuclear safety. 

The management of nuclear power plant outages is still a very manual process. Software tools are utilized to 
perform isolated tasks but there is potential for further automation of the process. Utility companies use commercial 
scheduling systems based on Critical Path Methodology (CPM) to assist nuclear plant managers, engineers, and 
operators in scheduling refueling and maintenance activities. While current systems provide adequate detail for 
scheduling activities, safety constraints are not considered during the scheduling phase. A Safety System Functional 
Assessment (SSFAT) Model is applied to the schedule a posteriori to ensure that safety constraints are not violated. 
If the schedule generated using general purpose scheduling tools does not meet the safety requirements re-scheduling 
takes place. The process is repeated until a feasible and safe schedule is generated. Outage Risk Assessment 
Methodology (ORAM) is a software package which provides a SSFAT. ORAM assesses the risk inherent to a 
schedule. ORAM models the effect of the functionality status of components, trains and/or systems on the reliability 
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of safety functions such as decay heat removal, containment integrity, and AC power availabihty. Safety systems 
that are monitored include: 

• ac power control system, 

• primary and secondary containment system 

• fuel pool cooling system 

• inventory control system 

• reactivity control system 

• shutdown coolmg system 

• vital support system 

The status of the plant and safety systems are evaluated by levels of safety denoted by colors: green (no degradation), 
yellow, orange, and red (significant safety concern). The colors are determined by considering complex decision 
trees regarding safety levels. 

In the real world, an outage can consist of 15,000 to 45,000 activities characterized by duration, predecessors, and a 
set of effects on resources (e.g., generator becomes unavailable). 

Gomes [1] defines the outage management problem as follows: 

Given a set of outage activities (refueling operations, repairs, modifications, and maintenance activities), a 
set of resources, and a set of technological constraints' assign times and resources to the activities in such 
a way that the completion of the outage is minimized while safely performing all the activities required by 
the outage. 

III. Rome Laboratory's Approach to Outage Management 

The main goals of this project were to apply advanced Artificial Intelligence (AI) planning and scheduling 
technology in a complex scheduling domain such as outage management, evaluate the technology in terms cf 
capability and ease of use in applying the technology in a new domain, and create benchmark problems for research. 
Since enforcing safety constraints during activity scheduling is not automatically handled with current nuclear power 
plant software systems, this provided an excellent opportunity to not only apply and evaluate the use of advanced 
technology but advance the state of the art in current outage management capability. 

A. Overview of ROMAN 

The Rome Lab Outage MANager (ROMAN) is a prototype system for outage management developed by Rome 
Laboratory in collaboration with Kestrel Institute, EPRI, and Kaman Science [1,2]. Kestrel Institute provided 
technical support for the usage of KIDS and definition of a domain theory for the outage problem suitable for taking 
advantage of KIDS' features. EPRI and Kaman provided the interface with the user and domain information. 
ROMAN was successfully demonstrated to attendees of the EPRI Outage Management Forum held December 6-8, 
1995. The prototype system includes all the constraints currently incorporated in the automatic tools used by 
utilities and, additionally, it includes a SSFAT model for AC Power as a proof of concept. We do not foresee any 
serious problems in modeling other safety systems. ROMAN has a CLIM user interface that interacts with the 
scheduler through function calls. The scheduler is a Lisp program derived and optimized using KIDS technology 
[3] which will be described next. A more detailed description of ROMAN is given in [1,2]. 

B. Advanced Technology Underlying ROMAN 

ROMAN was developed using KIDS (Kestrel Interactive Development System) [3,4]. KIDS is a framework for the 
development of programs from formal specifications using a transformational approach. Program development by 
program transformation consists of compiling, either manually or automatically, a formal specification into an 
efficient implementation by the repeated application of correctness-preserving, source-to-source transformations. The 
development of a program m KIDS involves several stages. The first step consists of building a formal model of the 
domain, the domain theory, which consists of types, operations, laws and inference rules specific to the domain. 



These constraints include precedence and temporal relationships between activities as well as resource constraints. 



The problem specification is the second stage which consists of specifying the constraints, goals, and preferences of a 
particular problem within the domain. The final stage consists of semiautomatically producing an executable 
program. This is achieved by applying several transformations to the problem specification in order to generate 
efficient and fast executable code. This stage is semiautomatic m that the user selects from menus the 
transformations to apply and then the system performs them. Since the transformations are correctness-preserving, 
the executable code is guaranteed to be consistent with the initial problem specification. The transformations used 
in KIDS include algorithmic transformations, program optimization techniques, and data structures refinement [3]. 
The algorithmic transformations allow the user to add search and control mechanisms to a given problem 
specification. KIDS uses a form of deductive inference called directed inference to reason about the problem 
specification in order to automatically apply the various transformations [5] . 

KIDS has been successfully used in the derivation of high performance transportation schedulers [6,7,11]. These 
applications have shown that advanced planning and scheduling technology is beneficial in complex and realistic 
problem domains. However, the development of a KIDS domain theory, the selection and implementation of a 
search strategy, and knowing what sequence of transformations to apply to the initial problem in order to produce 
efficient executable code is not a trivial task. Rome Lab has been looking at KIDS technology as a generic toolkit 
for use m military and non-military domains [8,9,10]. As part of the ROMAN project, we wanted to evaluate the 
level of difficulty and the general model of use for "outsiders" to create real world applications using the KIDS 
framework. These observations will be discussed in Section IV. 

C. ROMAN'S Domain Model 

ROMAN'S domain model includes all the technological constraints currently incorporated m the automatic tools 
used by utilities for schedule generation. It also includes all the constraints regarding the safety function AC Power 
as a proof of concept. 

An important concept in the domain theory for outages of nuclear power plants is the state of the plant. It is 
necessary to maintain information about the plant status at any time during the outage m order to enforce safety 
constraints. As new activities are added to the schedule, ROMAN uses finite differencing and constraint 
propagation to incrementally check that changes made to the state of the plant as a result of the new activity are 
viable with regard to AC Power control. 

ROMAN combines a rich representation for the state of the plant at any time as seen in AI planning approaches with 
efficient constraint-based reasoning techniques as employed in scheduling approaches [1]. By integrating planning 
and scheduling approaches, ROMAN is able to realistically model complex constraints and improve performance 
speed. 

The top level formulation of the outage problem is as follows: 

function : safe-outage-windows (activities) 
returns (schedule \ 

Consistent-Activity-Separation(schedule) and 

Consistent-AC-Power(schedule) and 

All-Activities-Scheduled(activities, schedule)) 

This formulation has a set of activities as input. Each activity has associated with it a duration, a set cf 
predecessors, and a set of effects on resources. The value returned is a schedule which is a partial order of activities 
such that the predicates Consistent-Activity-Separation(schedule), Consistent-AC-Power(schedule), and All- 
Activities-Scheduled(activities, schedule) hold true. Activities in the schedule are assigned time windows which 
define the earliest start time (est) and latest start time (1st) of an activity such that the activity can start at any time 
during the window without increasing the overall duration of the project. Consistent-Activity-Separation(schedule) 
guarantees that the precedence relationships of the activities are satisfied. Consistent-AC-Power(schedule) ensures 
that the schedule verifies the safety constraints from an AC Power perspective. All-Activities-Scheduled(activities, 
schedule) makes sure that all the activities are scheduled. 



Finite differencing is a technique used to perform the computation of functions incrementally rather than 
recomputing them from scratch all the time. 



ROMAN models the scheduling of nuclear power plant outages as a constraint satisfaction problem and combines a 
global search strategy with constraint propagation. Gomes provides more details on this model in [1]. 

D. The ROMAN Interface 

ROMAN allows two views of the schedule. The first view is the Activities Gantt Chart. The raw data gives 
information about the activities to be scheduled, the predecessor relationships between activities, and the effects cf 
the activity (e.g., whether or not the activity has the potential to cause AC Power loss). Each line corresponds to an 
activity and is shown graphically with an initial time window. Time is measured m hours with increasing time 
from left to right. 

Figure 1 represents what a final schedule of activities looks like. Some activities still have time windows or slack 
associated with them. This signifies that the activity can start any time within the time window without affecting 
the finish date of the schedule as a whole. Activities that do not have time windows after being scheduled are 
activities on the critical path. They have no time slack associated with them. 

The schedule can also be viewed from the point of view of Resources & Safety Status (see Figure 2). This gantt 
chart shows the overall status of the plant (first line), the status of AC Power Loss (second line), and the history cf 
the state of the plant for each resource over time (remaining lines). 



The overall state of the plant is measured in colors 
(green) to a significant safety concern (red)). 



green, yellow, orange, or red (ranging from no degradation 



A bar corresponding to AC Power along the second line indicates that a Higher Risk Evolution activity is being 
executed (e.g., an activity that has the potential to cause AC Power loss). When higher risk evolution activities are 
being executed, tighter constraints apply to maintain the level of safety. 

Bars corresponding to each resource (DIVl, DIV2, DIV3, etc.) mean that the resource is being utilized during the 
time frame represented by the bar. The resources listed in the figure are on-site and oif-site generators, e.g., DIVl 
represents a division 1 generator. 
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Figure 1. ROMAN'S Activities Gantt Chart 
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Figure 2. ROMAN'S Resources & Safety Status Gantt Chart 



IV. Tradeoffs of Using Advanced Technology for Outage Management 

The ROMAN prototype has been successfully demonstrated to an EPRI Management Forum and was well received. 
ROMAN is a proof of concept that schedule generation enforcing complex safety constraints is feasible. EPRI is 
interested in using this approach to build the next generation of outage scheduling tools. 

There are several key innovative features that ROMAN provides. Roman generates schedules incorporating very 
complex constraints as in the safety constraints for AC Power. The constraint model used m ROMAN is more 
general than the models used in previous scheduling applications using KIDS technology such as KTS and ITAS 
[6,7,1 1] particularly with regard to the way Maximum on Ground (MOG) port constraints are handled. 

ROMAN provides increased robustness in terms of schedules that are feasible over time intervals rather than a single 
time point as start times. Thus, ROMAN'S solution provides a family of schedules rather than a single fixed 
schedule. 

ROMAN performs fast schedule generation. The current version handles up to 2,000 activities in approximately 1 
minute on a Sparc 2. Additionally, ROMAN has the potential to produce better solutions than current methods m 
terms of minimizing outage length since more possibilities are explored. Human schedulers typically group 
activities pertaining to a single resource together (e.g., schedule all the activities related to resource A before 
activities relating to resource B) imposing precedence constraints that are not always necessary. 

One tradeoff is the maturity and ease of use of KIDS. Kestrel developers are working on the next generation of KIDS 
called Specware [12]. They are also working on interface issues that would make program synthesis tools easier and 
more intuitive to use. 



In light of our experience with ROMAN, we would like to comment on how one might apply the techniques 
described in this paper to another domain of interest. The crucial step is a thorough domain analysis. This task 
must be accomplished in order to develop problem solutions no matter what the approach. A good understanding of 
the domain is required in order to capture the behavior of the particular problem you are trying to solve in a way that 
lends itself to an efficient implementation. In the case of nuclear power plant outage scheduling, an important design 
decision was to formulate the problem in an incremental fashion so that during scheduling as each new activity is 
added to the schedule the effects of that activity are immediately incorporated into the partial schedule guaranteeing 
that safety constraints are not violated. 

Another step is familiarization with the KIDS tool itself. This includes the capability to represent the domain in the 
formal specification language that KIDS is based on. It is also important to have an understanding of how the 
system operates in order to take advantage of mechanisms for efficient constraint propagation and search control. 
One must understand the transformations provided and the sequence in which they should be applied. 

In the ROMAN project, domain support was provided by EPRI and Kaman. Nonetheless, a significant amount cf 
effort went into the development of a correct and explicit problem specification in terms of domain laws and rules to 
take advantage of automatic programming techniques. The current version of ROMAN is the product of several 
refinements of the initial specification. 

V. Future Work/Conclusions 

We feel that ROMAN, as an application of advanced AI planning and scheduling technology, successfully 
demonstrates the commercial viability of laboratory research and development advancements. We plan to use the 
outage problem as a benchmark and vehicle for continued research in complex constraint modeling. ROMAN also 
provides an excellent research vehicle for future work in the combination of AI and Operations Research (OR) 
techniques to solve complex decision problems, particularly in the integration of planning and scheduling which is 
still an ongoing topic in research communities. We will also be looking into the use of more "intelligent" 
scheduling heuristics for ways to improve the efficiency of ROMAN even further. As an alternative to the global 
search strategy currently used in ROMAN, we will be investigating other search strategies such as local search. 
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